MidnightBSD

Advisories for vihor

CVE-2006-1496 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in index.php in ViHor Design allow remote attackers to inject arbitrary web script or HTML via (1) a remote URL in the page parameter, which is processed by an fopen call, or (2) HTML or script in the page parameter, which is returned to the client in an error message for the failed fopen call.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
vihor vihordesign *
CVE-2006-1497 MEDIUM

Directory traversal vulnerability in index.php in ViHor Design allows remote attackers to read arbitrary files via the page parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
vihor vihordesign 1.0.6